LDAP as in OpenLDAP’s ldapsearch command
Remember the weird syntax!
This weird ldapsearch command syntax
I, for one, never remember how to use ldapsearch (and similar commands). The man page doesn’t have a clear example and Google searches aren’t always to the point... well!
Find all members of group posix_sysadmins (or any other group)
This outputs the ‘memberUid’ attribute from users in ‘posix_sysadmins’ while logging in as kang@example.com. This assumes an OU ‘groups’ (which is generally default…).
ldapsearch -h ldap.example.com -x -D "mail=kang@example.com,o=com,dc=example" -W -b 'cn=posix_sysadmins,ou=groups,dc=example' 'memberUid'
Filter valid accounts in LDAP
This outputs a list of “non-disabled” accounts. Note that in this case the attribute is a custom one. This shows the syntax for queries where you want to exclude a match: ldapsearch takes a single filter followed by the attributes to return, so the exclusion is written as ‘(!(...))’ and combined with the other condition inside ‘(&...)’. Turns out using ‘!=’ operator would have been way too logical :)
ldapsearch -h ldap.example.com -x -D "mail=kang@example.com,o=com,dc=example" -W -b dc=example "(&(mail=*)(!(employeeType=DISABLED)))" dn
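An added example, not from the original post: a small Python evaluator for the prefix-notation filters used above, run over a constructed directory, showing which entries a combined (&...(!...)) filter returns and that an infix ‘!=’ is rejected. The entries, DNs and function names are made up for illustration, and the matching is simplified (two-valued logic, case-insensitive equality).

```python
# Added example: evaluates a subset of RFC 4515 filters over constructed entries.
# Assumptions: two-valued logic, case-insensitive equality, no substring/escapes.

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):          # prefix operator, then sub-filters
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    attr, sep, value = f[i:end].partition("=")
    # Names here are letters, digits and hyphens, so "attr!=value" is rejected.
    if end < 0 or not sep or not attr.replace("-", "").isalnum():
        raise ValueError(f"bad filter item near offset {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    values = attrs.get(attr, [])
    if value == "*":                            # presence test, e.g. (mail=*)
        return bool(values)
    return any(v.lower() == value.lower() for v in values)

def search(entries, flt):
    node, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters after filter")
    return [dn for dn, attrs in entries if matches(node, attrs)]

# Constructed sample directory; attribute names are stored lower-cased.
ENTRIES = [
    ("uid=alice,dc=example", {"mail": ["alice@example.com"], "employeetype": ["STAFF"]}),
    ("uid=bob,dc=example", {"mail": ["bob@example.com"], "employeetype": ["DISABLED"]}),
    ("uid=carol,dc=example", {"mail": ["carol@example.com"]}),  # no employeeType
    ("cn=printer,dc=example", {"cn": ["printer"]}),             # no mail
]
if __name__ == "__main__":
    print(search(ENTRIES, "(&(mail=*)(!(employeeType=DISABLED)))"))
```

Note that uid=carol, which has no employeeType at all, is returned: in this model an equality test on an absent attribute is false, so its negation is true.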